GNOME.org
 

Re: OpenVpn plugin NeedSecret

Hi,
then...below my new (NetworkManager-openvpn) confg file and client.conf (openvpn) config file:

debian# cat /etc/NetworkManager/system-connections/VPNconnection
[connection]
id=VPNconnection
uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e
type=vpn
autoconnect=FALSE

[ipv4]
method=auto

[vpn]
name=openvpn
service-type=org.freedesktop.NetworkManager.openvpn
remote=openvpn.xxx.xxxxx.it
proto-udp=yes
reneg-seconds=0
port=1194
ca=/etc/openvpn/certs/cacert.crt
cert=/etc/openvpn/certs/xxxxxxxx-vpn.pem
key=/etc/openvpn/certs/xxxxxxxxx-vpn-key.pem

[ipv6]
method=ignore

debian# cat /etc/openvpn/client.conf
client
dev tun
proto udp
# This is the remote ip address and port of the VPN Server
remote openvpn.xxx.xxxxxx.it
resolv-retry infinite
ping 10
ping-restart 60
nobind
persist-key
persist-tun
ca certs/cacert.crt
cert certs/xxxxxxxx-vpn.pem
key certs/xxxxxxxxxx-vpn-key.pem
verb 3
comp-lzo
explicit-exit-notify 2
log-append /var/log/openvpn.log

Now...after your changes, if i try to start vpn from NetworkManager i can see these logs:

Nov  3 16:26:54 debian NetworkManager[2899]: <info> Starting VPN service 'openvpn'...
Nov  3 16:26:54 debian NetworkManager[2899]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3296
Nov  3 16:26:54 debian NetworkManager[2899]: <info> VPN service 'openvpn' appeared; activating connections
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.716383] [nm-vpn-connection.c:902] get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) requesting VPN secrets pass #1
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.716961] [nm-agent-manager.c:1100] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/5 (vpn)
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.717110] [nm-settings-connection.c:850] nm_settings_connection_get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) secrets requested flags 0x80000000 hint '(null)'
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.720913] [nm-agent-manager.c:1015] get_start(): (0xfcba0/vpn) system settings secrets sufficient
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.721055] [nm-settings-connection.c:706] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) existing secrets returned
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.721154] [nm-settings-connection.c:712] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) secrets request completed
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.733265] [nm-settings-connection.c:751] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) new agent secrets processed
Nov  3 16:26:54 debian NetworkManager[2899]: <debug> [1320337614.733906] [nm-vpn-connection.c:870] get_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) asking service if additional secrets are required
Nov  3 16:26:54 debian NetworkManager[2899]: <info> VPN plugin state changed: 1
Nov  3 16:26:54 debian NetworkManager[2899]: <info> Policy set 'MyConnection' (eth0) as default for IPv4 routing and DNS.
Nov  3 16:27:00 debian NetworkManager[2899]: <info> VPN service 'openvpn' disappeared
Nov  3 16:27:02 debian NetworkManager[2899]: <debug> [1320337622.2972] [nm-vpn-service.c:267] ensure_killed(): waiting for VPN service pid 3296 to exit
Nov  3 16:27:02 debian NetworkManager[2899]: <debug> [1320337622.3592] [nm-vpn-service.c:269] ensure_killed(): VPN service pid 3296 cleaned up

Thanks and Regards

On Thu, Nov 3, 2011 at 4:03 PM, Francesco Andrisani <francesco andrisani acotel com> wrote:
Thanks a lot. But i'm not able to know all parameter to intert into my /etc/NetworkManager/system-connections/VPNconnection.

For example keyfile, certficate, ecc

Please can you tell me how to find these informations (all parameters)?

Thanks and regards


On Thu, Nov 3, 2011 at 3:51 PM, Dan Williams <dcbw redhat com> wrote:
On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote:
> Anothe DEBUG info:
>
> debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service --debug
> ** Message: nm-openvpn-service (version 0.9.0) starting...
> ** Message: real_need_secrets: connection
> -------------------------------------
> connection
>     name : "connection"
>     id : "VPNconnection" (s)
>     uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s)
>     type : "vpn" (s)
>     permissions : [] (sd)
>     autoconnect : FALSE (s)
>     timestamp : 0 (sd)
>     read-only : FALSE (sd)
>
>
> ipv4
>     name : "ipv4"
>     method : "auto" (s)
>     dns : [] (s)
>     dns-search : [] (sd)
>     addresses : [] (s)
>     routes : [] (s)
>     ignore-auto-routes : FALSE (sd)
>     ignore-auto-dns : FALSE (sd)
>     dhcp-client-id : NULL (sd)
>     dhcp-send-hostname : TRUE (sd)
>     dhcp-hostname : NULL (sd)
>     never-default : FALSE (sd)
>     may-fail : FALSE (sd)
>
>
> ipv6
>     name : "ipv6"
>     method : "ignore" (s)
>     dns : [] (s)
>     dns-search : [] (sd)
>     addresses : [] (s)
>     routes : [] (s)
>     ignore-auto-routes : FALSE (sd)
>     ignore-auto-dns : FALSE (sd)
>     never-default : FALSE (sd)
>     may-fail : TRUE (sd)
>
>
> vpn
>     name : "vpn"
>     service-type : "org.freedesktop.NetworkManager.openvpn" (s)
>     user-name : NULL (sd)
>     data : [ { 'name': openvpn }, ] (s)
>     secrets : [ ] (s)

So here's the problem; the [vpn] setting isn't completely specified.
Did you import this connection from an openvpn config file?  Unless this
was changed at some point (or there's a bug in the editor) this
connection was never valid since it doesn't have the required connection
type field and a few other things.  Here's what it *should* look like:

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=password
password-flags=3
remote=ovpn.mycompany.com
cipher=AES-256-CBC
proto-tcp=yes
reneg-seconds=0
port=443
username=dcbw
ca=/home/dcbw/MyCA.pem

or something along those lines.  If you imported it from a config file,
can you try doing that again?  If it still looks like this, can you send
me the config file so I can see what's going wrong?

Dan

> Regards
>
>
> On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani
> <francesco andrisani acotel com> wrote:
>         OK.
>
>         So i've installed openvpn client on my workstation with
>         certificate authentication and...it work fine.
>         About NetworkManager-openvpn i've installed (from sources)
>         0.9.0 version, the same of NetworkManager (it also installed
>         from sources).
>
>         A clarification...i use the system without X server (no gnome,
>         no kde).
>         Below my NetworkManager and NetworkManager-openvpn
>         configuration files.
>
>         debian:/etc/NetworkManager# cat
>         system-connections/VPNconnection
>         [connection]
>         id=VPNconnection
>         uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e
>         type=vpn
>         autoconnect=FALSE
>
>         [ipv4]
>         method=auto
>
>         [vpn]
>         name=openvpn
>         service-type=org.freedesktop.NetworkManager.openvpn
>
>         [ipv6]
>         method=ignore
>
>         I've no secrets specified here, Is it correct? I've no
>         password for start opevpn client manually. Only certificate
>         authentication.
>
>         debian:/etc/NetworkManager# cat VPN/nm-openvpn-service.name
>         [VPN Connection]
>         name=openvpn
>         service=org.freedesktop.NetworkManager.openvpn
>         program=/usr/libexec/nm-openvpn-service
>
>         Regards
>
>
>
>         On Thu, Nov 3, 2011 at 2:25 AM, Dan Williams <dcbw redhat com>
>         wrote:
>                 On Wed, 2011-11-02 at 10:21 +0100, Francesco Andrisani
>                 wrote:
>                 > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection)
>                 plugin
>                 > NeedSecrets
>                 > request #1 failed: dbus-glib-error-quark Invalid
>                 connection type.
>
>
>                 This part is the problem.  Any chance you could paste
>                 in your vpn
>                 connection file
>                 from /etc/NetworkManager/system-connections for us to
>                 look at?  Remove any passwords and XXXX out any
>                 sensitive information
>                 before doing so.
>
>                 Any idea what version of NetworkManager-openvpn you've
>                 got installed?
>
>                 Dan
>
>
>
>
>
>
>         --
>         ____________________________________________________
>         Francesco Andrisani
>         mailto:francesco andrisani acotel com
>         Acotel Spa
>         http://www.acotel.com
>         Via della Valle dei Fontanili, 29
>         00168 Roma
>         Tel +390661141200
>         Fax +39066149936
>         ____________________________________________________
>
>
>           Le informazioni contenute nella comunicazione che precede
>              possono essere riservate e sono, comunque, destinate
>            esclusivamente alla persona o all’ente sopraindicati. La
>          diffusione, distribuzione e/o copiatura non autorizzata del
>         documento trasmesso da parte di qualsiasi soggetto è proibita.
>              La sicurezza e la correttezza dei messaggi di posta
>          elettronica non possono essere garantite. Se avete ricevuto
>            questo messaggio per errore, Vi preghiamo di contattarci
>                            immediatamente. Grazie.
>
>            This message is for the named person's use only. It may
>            contain confidential, proprietary or legally privileged
>         information. No confidentiality or privilege is waived or lost
>           by any transmission. If you receive this message in error,
>          please immediately delete it and all copies of it from your
>          system, destroy any hard copies of it and notify the sender.
>              You must not, directly or indirectly, use, disclose,
>         distribute, print, or copy any part of this message if you are
>                       not the intended recipient. Thanks
>
>
>
>
>
>
> --
> ____________________________________________________
> Francesco Andrisani
> mailto:francesco andrisani acotel com
> Acotel Spa
> http://www.acotel.com
> Via della Valle dei Fontanili, 29
> 00168 Roma
> Tel +390661141200
> Fax +39066149936
> ____________________________________________________
>
>
>   Le informazioni contenute nella comunicazione che precede possono
>    essere riservate e sono, comunque, destinate esclusivamente alla
>   persona o all’ente sopraindicati. La diffusione, distribuzione e/o
>     copiatura non autorizzata del documento trasmesso da parte di
>    qualsiasi soggetto è proibita. La sicurezza e la correttezza dei
>  messaggi di posta elettronica non possono essere garantite. Se avete
>   ricevuto questo messaggio per errore, Vi preghiamo di contattarci
>                        immediatamente. Grazie.
>
>    This message is for the named person's use only. It may contain
>    confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any transmission. If
>  you receive this message in error, please immediately delete it and
>  all copies of it from your system, destroy any hard copies of it and
>     notify the sender. You must not, directly or indirectly, use,
>  disclose, distribute, print, or copy any part of this message if you
>                 are not the intended recipient. Thanks
>
>





--
____________________________________________________
Francesco Andrisani
mailto:francesco andrisani acotel com
Acotel Spa
http://www.acotel.com
Via della Valle dei Fontanili, 29
00168 Roma
Tel +390661141200
Fax +39066149936
____________________________________________________

Le informazioni contenute nella comunicazione che precede possono essere riservate e sono, comunque, destinate esclusivamente alla persona o all’ente sopraindicati. La diffusione, distribuzione e/o copiatura non autorizzata del documento trasmesso da parte di qualsiasi soggetto è proibita. La sicurezza e la correttezza dei messaggi di posta elettronica non possono essere garantite. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie.

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Thanks





--
____________________________________________________
Francesco Andrisani
mailto:francesco andrisani acotel com
Acotel Spa
http://www.acotel.com
Via della Valle dei Fontanili, 29
00168 Roma
Tel +390661141200
Fax +39066149936
____________________________________________________

Le informazioni contenute nella comunicazione che precede possono essere riservate e sono, comunque, destinate esclusivamente alla persona o all’ente sopraindicati. La diffusione, distribuzione e/o copiatura non autorizzata del documento trasmesso da parte di qualsiasi soggetto è proibita. La sicurezza e la correttezza dei messaggi di posta elettronica non possono essere garantite. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie.

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Thanks


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]